OPERATING  AND  SUPPORT  HAZARD  ANALYSIS 

FOR 

SELF-CONTAINED  NAVIGATION  SYSTEM 
LSI  MODEL  6216A,  B,  &  C 
GROUP  "B" 

Report  No.  6216-019 

30  May  1986  D' 

Contract  No .?  09603-85 -C- 1224  . 

Data  Item  0211 


DTIC 

ELECTE 
‘  JUL  0  1  >986 


Prepared  by: 


Date: 


3" 


Approved  by* 


Date: 


Dionun i  rnoN  jriyrpw  i  ' .  j 

Approved  fo»  pnblv'  n 
Dintiibution  UnUti'tod 


SI  LiAA  |I«QLIA  INC 
VI  tN*T*UM*NT  DIVIBION 

iMStlUNAvi  &|  QM*NO  Ui  4|Si>« 


v  r*r«  -s  -r j.  ***  * 


Report  No.  6216-019 
Revision 


SUMMARY 

Review  of  the  drawings,  sketches  and  documentation  available  as  of  this 
writing  reveal  no  serious  Category  I  or  II  hazards  with  the  exception  of  two 
items.  One  involves  the  DVS  installation  and  removal  related  to  dropping. 

If  the  T.O.s  are  followed  and  proper  equipment  used,  this  concern  is  mini¬ 
mized.  The  other  concern  is  of  overheat  damage  to  the  ICDU  in  event  of  fan 
failure.  Recommendations  are  provided  for  resolving  the  concern  and  an 
open  action  item  exists  to  assure  follow-up. 

Further  analysis  will  be  performed  as  drawings  are  completed.  Changes 
and  updates  will  be  included  in  future  edition  of  this  document. 
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GENERAL  -  This  document  constitutes  the  Operating  and  Support 
Hazard  Analysis  (O&SHA)  for  the  C-130  Self-Contained  Naviga¬ 
tion  System  (SCNS)  Group ‘‘"B"1  LRUs .  It  provides  a  hazard 
assessment  of  use  and  maintenance  of  the  individual  LRUs 
provided  by  LSI . 


PURPOSE  -  IAW  MIL-STD-882A,  the  purpose  of  an  O&SHA  is  to 
identify  and  control  hazards  to  personnel  and  to  the  system, 
or  related  to  production,  installation,  maintenance,  test, 
operation,  etc.  This  O&SHA  is  limited  to  design  of  the 
Group  '"B"  LRUs  as  the  design  affects  operational  use  and 
maintenance  safety  of  personnel  working  in  or  around  the^ 
equipment,  including  ground  and  flight  crews.  ..  j  f  '  -■ 


SCOPE  -  The  scope  of  this  analysis  is  limited  to  the  new  SCNS 
"B"  components,  the  Integrated  Control  Display  Unit  (ICDU), 
the  Bus  Integrated  Computer  Unit  (BICU)  and  vendor  data  on 
the  Doppler  Velocity  Sensor  (DVS).  The  analysis  is  limited  to 
LRU  level  safety  concerns  affecting  their  use  and  maintenance, 
shipping  and  storage. 


APPLICABLE  DOCUMENTS 


GOVERNMENT  DOCUMENTS  -  The  following  documents  of  the  exact 
issue  shown  are  used  in  the  preparation  of  this  analysis  and 
report. 


MIL-STD-882A 


System  Safety  Program  Requirements 
(paragraph  5 .5. 1 .4) . 


DI-H-7048 


System  Safety  Hazard  Analysis 
Report  (paragraph  10.2.4) 


DH1-6  (Edition  5) 


System  Safety  Design  Handbook 


84-MMSRE-005-DVS 


Doppler  Velocity  Sensor  (DVS), 
C-130  Self-Contained  Navigation 
System  SCNS,  Specification  for 


84-MMSRE-006-ICDS 


Integration,  Computation  and 
Display  System  (LCDS)  Self- 
Contained  Navigation  System  SCNS 
Control,  Specification  for 


84-MMSRE-009-C- 130 


Self-Contained  Navigation  System 
(SCNS)  Integration,  Fah'-icatiun , 
installation  and  Test  of,  C-130 
Aircraft 
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NON- GOVERNMENT  DOCUMENTS 

Report  No. 
TRE/SD101766C-2 


Navigation  Set,  Radar  AN/APN-218 
Operating  Hazard  Analysis  for 
C--13Q  Production  (originally 
submitted  to  ASD/ENAMD  under 
Contract  No.  F33657-77-C-0098 
Data  Item  200Z) 


SYSTEM  DESCRIPTION 


GENERAL  DESCRIPTION  -  The  SCNS  is  comprised  of  a  Doppler 
Velocity  Sensor  (DVS),  Inertial  Navigation  System  (INS), 
Integration  Computation  and  Display  System  (ICDS) ,  and  the 
associated  installation  Group  A  kit  to  provide  doppler  aided 
INS  navigation,  INS  only,  Doppler  only  and  TAS/HDG  naviga¬ 
tion  modes,  and  control  of  the  various  C-130  communication/ 
navigation  (comm/nav)  systems.  The  SCNS  ICDS  consists  of 
three  Integrated  Control  Display  Units  (ICDU)  and  one  Bus 
Integration  Computer  Unit  (BICU)  for  all  C-130  aircraft 
•except  that  the  HC-130H  will  have  an  additional  ICDU  for  the 
radio  control. block  diagram  is  shown  in  figure  1. 

In  conjunction  with  the  SCNS  installation,  the  following 
systems/components  will  be  removed  from  the  various  C-130 
configurations . 

AN/APN-147  Doppler 
AN/ASN-35  Doppler  Computer 
ARN-131  Omega 

AN/ASN-24  or  PINS  (C-130E  AWADS  only) 

Radio  controls  for 

AN/ARC- 164  UKF  (one  control  retained) 

AN/ARC-186  VHF 

AN/ARC- 190  HF 

AN/ARN- 1 18  TACAN 

AN/ARN- 127  VOR/ILS 

USAF  Standard  VOR/ILS 

The  communication  and  navigation  radio  control  functions 
will  be  assumed  by  the  ICDUs  except  during  an  emergency  use 
of  a  UHF  backup  manual  control  head. 

MAJOR  COMPONENTS  -  A  list  of  major  components  is  provided  in 
table  I. 
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MODEL  NO. 


LST.-2580F 


LSI-2905A 


LSI-2905B 


LSI-2590A 

APN-218 

SNU  84-1 


Table  I.  Major  Component  List 


GROUP 

A 

B 

V 

V 

V 

V 

GFE 

V 

V 

V 

V 

V 
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DESCRIPTION 


Integrated  Control 
Display  Unit 


LOCATION 


Left  side  forward  on 
center  console  for 
pilot.  Right  side  for¬ 
ward  for  co-pilot.  Nav 
panel  for  navigator. 
Radio  operator's  panel 
for  HC-130. 


Bus  Interface  Computer  New  equipment  rack. 
Unit 

Bus  Interface  Computer  New  equipment  rack. 
Unit  with  Added  Radar 
Interface  Card  (AWADS) 

Doppler  Velocity  Sensor  Belly  of  aircraft 


Sensor 

Electrical  A-Kit 

Mechanical  A-Kit 

Flight  Director  Mode 
Select  panel  modi fica- 
tions 

SCNS  Control  Panel 
INU  Battery 


Aircraft  floor  below 
new  equipment  rack 

Several  variations 


Several  variations 

Instrument  Panel 
(also  a  panel  on  the 
pedestal  for  C-130B) 

Nav  Station 

Battery  Compartment 
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3.2.3 
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3.3.2 
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ICDS  -  The  ICDS  consists  of  two  major  components:  the  Inte¬ 
grated  Control  Display  Unit  (ICDU)  and  the  Bus  Integration 
Computer  Unit  (BICU) .  All  aircraft  configurations  utilize 
fully  interchangeable  ICDUs:  pilot's,  co-pilot's,  navigator's 
and  radio  operator's  (HC-130H).  Jumper  wires  in  the  aircraft 
installation  indicate  its  particular  station  location  to 
each  ICDU.  One  basic  BICU  design  is  utilized  in  all  SCNS 
configurations  with  the  exception  of  the  BICU  for  the  AWADS 
aircraft,  It  adds  a  third  circular  connector  and  SRUs  for 
the  radar  interface.  Connector  jumper  wires  indicate  to  the 
BICU  into  which  aircraft  model  it  is  installed. 

INS  -  The  Inertial  Navigation  System  (INS)  consists  of  three 
major  components:  the  Inertial  Navigation  Unit  (INU),  the 
INU  mount,  and  the  SCNS  battery  subsystem.  The  SCNS  INU 
conforms  to  requirements  of  the  F3  SNU  84-1  and  SNU  84-3 
specifications  and  is  GFE. 

DVS  -  The  Doppler  Velocity  Sensor  (DVS)  consists  of  the 
APN-218  Air  Force  Standard  Doppler.  The  DVS  provides  basic 
navigation  inputs  for  SCNS  independent  doppler  navigation 
capability  and  for  integrated  INS/Doppler  capability.  It  is 
contractor  supplied. 

SYSTEM  FUNCTIONS  -  The  SCNS  primary  function  is  to  provide 
highly  accurate  and  reliable  self-contained  navigation 
capability  for  the  MAC  C-130  Tactical  Airlift  Operations. 

These  missions  and  operations  are  defined  in  MACR  55-130, 
Military  Airlift  Command  Regulation. 

MAJOR  FUNCTIONS  -  The  SCNS  provides  the  following  major 
functions . 

□  Navigation  modes  and  position  update  capability. 

□  Integrated  control  and  display  of  navigation,  commun¬ 
ication,  guidance,  and  steering  functions. 

□  Aircraft  guidance  and  steering  -  including  flight  plan, 
time  of  arrival,  CARP,  SAR,  and  rendezvous. 

SECONDARY  FUNCTIONS  -  Additional  features  are  provided  to 
improve  performance,  reduce  crew  workload,  and  minimize 
aircraft  maintenance  time.  Specifically,  these  are: 

Q  TACAN  mixing  to  improve  navigation  accuracy. 
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Q  CARP  capability  that  will  reduce  crew  workload  and 
increase  mission  flexibility. 

□  Simple,  accurate,  and  quick  magnetic  compass  calibration 
procedures ■ 

SAFETY  CRITERIA  -  Certain  safety  criteria  IAW  MIL-STD-882A 
are  followed  in  this  O&SHA. 

SYSTEM  SAFETY  PRECEDENCE  -  Any  items  detected  as  fitting 
into  hazardous  categories  are  treated  in  the  following  order: 

a.  Redesign  to  eliminate  the  hazard,  if  possible. 

b.  Change  operating  procedure  to  eliminate  or  reduce 
occurrence. 

c.  Provide  training  recommendations  to  allow  personnel  to 
safely  work  in  the  presence  of  the  hazard. 

d.  Label  or  placard  hazards  and  provide  inputs  to  manuals. 

HAZARD  LEVEL  CATEGORIES  -  (criticality  definitions)  For  the 
purpose  of  the  hazard  analysis,  the  hazards  will  be  defined 
and  categorized  IAW  the  criticality  definitions  set  forth  . 
below  (ref.  MIL-STD-882A,  para.  5.4.3. 1). 

HAZARD  SEVERITY  -  Hazard  severity  categories  are  defined  to 
provide  a  qualitative  measure  of  the  worst  potential  conse¬ 
quences  resulting  from  personnel  error,  environmental  condi¬ 
tions,  design  inadequacies,  procedural  deficiencies,  system, 
subsystem  or  component  failure  or  malfunction  as  follows: 

a.  Category  I  -  Catastrophic  -  May  cause  death  or  system 
loss . 

b.  Category  II  -  Critical  -  May  cause  severe  injury,  severe 
occupational  illness,  or  major  system  damage. 

c.  Category  III  -  Marginal  -  May  cause  minor  injury,  minor 
occupational  illness,  or  minor  system  damage. 

d.  Category  IV  -  Negligible  -  Will  not  result  in  injury, 
occupational  illness,  or  system  damage. 
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HAZARD  PROBABILITY  -  The  probability  of  the  defined  hazard 
occurring  is  based  on  a  qualitative  judgment  for  the  purpose 
of  this  hazard  analysis,  The  probability  levels  quoted  here 
are  from  MIL-STD-882A,  Para.  5. 4. 3. 2. 


DESCRIPTIVE 

WORD 


LEVEL 


SPECIFIC  INDIVIDUAL 
ITEM 


FLEET  OR 
INVENTORY 


Frequent 


Likely  to  occur  frequently  Continuously  experienced 


Reasonably 

Probable 

Occasional 


Remote 


Extremely 

Improbable 


Impossible 


Will  occur  several  times  in 
life  of  an  item 

Likely  to  occur  sometime  in 
life  of  an  item 

So  unlikely,  it  can  be 
assumed  that  this  hazard 
will  not  be  experienced 

Probability  of  occurrence 
cannot  be  distinguished  from 
zero. 

Physically  impossible  to 


Will  occur  frequently 


Will  occur  several  times 


Unlikely  to  occur  but 
possible 


So  unlikely,  it  can  be 
assumed  that  this  hazard 
will  not  be  experienced. 

Physically  impossible  to 


4.2.3 


DVS  HAZARD  CATEGORY  LEVELS  -  It  should  be  noted  that  the 
referenced  Teledyne  Ryan  Electronic  (TRE)  DVS  Operating 
Hazard  Analysis  uses  the  older  MIL-STD-882  Hazard  Category 
and  probability  rating  system  whereas  this  document  uses 
categories  prescribed  in  MIL-STD-882A. 
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OPERATING  AND  SUPPORT  HAZARD  ANALYSIS  -  The  Hazard  Analysis 
is  comprised  of  the  following  sections. 

□  Integrated  Control  Display  Unit  (ICDU) 


□  Bus  Integration  Computer  Unit  (BICU) 

□  Doppler  Velocity  Sensor  (DVS) 

The  ICDU  and  BICU  analyses  are  done  as  follows: 

□  Available  mechanical  drawings  and  sketches  are  reviewed 
and  analyzed  for  safety  critical  items.  Examples  are 
mounting  and  removal  methods,  weights,  handles,  sharp 
edges,  case  of  damage,  temperatures,  connector  access 
and  high  voltage  location. 

□  Available  schematics  and  sketches  are  reviewed  for  high 
voltage  hazards,  relative  location  of  voltages,  signals 
and  grounds  in  connectors  and  wiring  and  possible 
cascading  failures. 

The  intent  is  to  assure  that  operation  and  use  of  the  ICDU 
and  BICU  do  not  create  or.  cause  hazardous  conditions  to 
airplane  or  crew  when  installed  and  in  use  or  to  the  mainte¬ 
nance  personnel  during  installation,  removal,  test  and 
repair. 

The  DVS  analysis  is  limited  to  a  review  of  the  Operating 
Hazard  analysis  received  from  the  vendor  and  attached  hereto. 

ICDU  AND  BICU  ANALYSIS  -  Tables  II  and  III  respectively  list 
the  available  ICDU  and  BICU  drawings,  their  status  as  of 
this  analysis  and  an  item  reference  number  for  use  where 
cross  indexing  with  text  or  matrix  sheets  may  be  useful. 

These  listed  drawings  are  both  schematic  end  assembly  draw¬ 
ings.  Some  are  sketches.  They  will  be  reviewed  again  upon 
individual  completion  and  again  upon  formal  release.  The 
results  of  these  later  reviews  and  analyses  will  be  included 
in  a  later  edition  of  this  Safety  Report. 
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5.1.1  ICDU  -  Initial  analysis  does  not  indicate  any  Category  I  or 

II  hazards  in  or  out  of  the  aircraft.  High  voltages  used  by 
the  CRT  portion  of  the  ICDU  are  a^  quately  protected,  and 
required  warning  and  caution  pla  ds  are  being  provided.  No 
problems  in  removal  or  inBtallati  ..  that  could  prove  hazardous 
have  been  found.  The  CRT  appears  to  be  safe  from  explosion 
hazards.  There  is  some  concern  for  the  ultimate  internal 
temperature  in  event  of  fan  failure.  This  is  presently 
considered  more  of  a  reliability  problem  than  a  safety 
problem  and  is  the  subject  of  an  action  item  to  be  resolved. 
Weight  and  handling  are  not  a  problem. 


U*,' 


I 

f? 


5.1.2  6ICU  -  Initial  analysis  does  not  Indicate  any  Category  I  or 

II  hazards.  The  highest  voltage  in  the  BICU  is  115  volts 
400  Hz  primary  power.  Protection  and  caution  labels  will 
take  care  of  this  potential  problem  for  maintenance  personnel 
during  open  box  test  and  repair.  Weight  and  handling  are  not 
a  problem. 

5.2  DVS  ANALYSIS  -  The  OHA  received  from  the  DVS  supplier  is 
listed  in  section  2.2. 

Review  of  this  report  indicates  many  equivalent  Category  I 
and  II  hazards  listed.  The  hazards  listed  do  not  exist, 
however,  because  the  necessary  steps  have  been  taken  to 
prevent  them.  As  listed,  they  are  essentially  what  the 
hazard  could  be  rather  than  what  it  is.  The  items  listed 
are  believed  to  be  only  marginal  to  negligible  or  Category 

III  and  IV  IAW  MIL-STD-882A. 


■ 


An  item  not  mentioned,  relates  to  the  weight  and  handling 
difficulty  during  removal  and  installation  in  the  belly  of 
the  aircraft.  The  LRU  could  be  easily  dropped  or  bent  (if 
partially  attached)  and  be  damaged  or  do  injury  to  personnel. 
Proper  tools  and  procedures  must  be  ”.?ed  thus  minimizing  any 
handling  hazard.  , 
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Table  II.  ICDU  Drawings  Reviewed 


Drawings  Reviewed 


168002  Preliminary  Schematic  Diag. 

CPU/Mem  Board  (SCNS) 


Drawings  Reviewed  (Continued) 


